Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-20436

XSS vulnerability in manager module

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 14
    • Fix Version/s: None
    • Component/s: FreePBX Distro
    • Labels:
      None
    • ToDo:
    • Distro Version:
      SNG7-PBX-64bit-1904-2
    • Distro:
      FreePBX Distro

      Description

      html\admin\modules\manager\views\form.php
      https://github.com/FreePBX/manager/blob/release/13.0/views/form.php
       
      Unsanitized $_REQUEST['managerdisplay'] reflected in HTML leads to XSS (as you can see in screenshot attached tested on latest FreePBX ISO)
       
      http://XXXX/admin/config.php?type=tool&display=manager&managerdisplay=cxpanel%22%3E%3Cscript%3Ealert(1)%3C/script%3E&view=form
       
      if (isset($_REQUEST['managerdisplay'])){
        $managerdisplay = $_REQUEST['managerdisplay'];
        $subhead = '<h2>'._("Manager").' '.$managerdisplay.'</h2>';
        $delURL = '?display=manager&managerdisplay='.$managerdisplay.'&action=delete';

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                fdanard Franck Danard
                Reporter:
                respect respect
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: